Healthcare Information Security

Patient Privacy

Boston judge refuses hospital PHI disclosure waiver request

by Patrick Ouellette

A Boston judge provided a reminder this week that a healthcare organization’s and a patient’s rights to release medical records under HIPAA are very different and a bid for a court order wouldn’t help a provider sidestep record...

U.S. Digital Service team “playbook” includes data security

by Patrick Ouellette

President Barack Obama’s U.S. Digital Service team recently released its “playbook” that collected successful digital systems best practices from the private sector and government. The Digital Service team’s goal is to...

New Blue Cross, Blue Shield HIE prompts privacy questions

by Patrick Ouellette

Blue Shield of California and Anthem Blue Cross joining forces this week was big news in healthcare, as a total of 9 million customers will have their records in the new comprehensive network, Cal INDEX. However, this large health information...

Essentia Health acknowledges patient privacy breach

by Patrick Ouellette

Essentia Health of Fargo, North Dakota, has announced a patient privacy breach after a marketing firm was able to acquire 430 patient names and addresses without their consent. The firm, Get Marketing, was mistakenly given some sort of portable...

Healthcare warming to Google Glass, privacy questions remain

by Patrick Ouellette

If nothing else, Google Glass remains a polarizing topic in healthcare as hospitals continue to work with the technology and attempt to create efficiency gains by connecting the product to electronic health records. However, there are still...

Sutter lawsuit plaintiffs plan to go to Calif. Supreme Court

by Patrick Ouellette

Despite the Third District Court of Appeal of California’s decision that Sutter Medical Foundation hadn’t violated the Confidentiality of Medical Information Act (CMIA), the patient plaintiffs who filed the suit aren’t ready...

HIPAA Privacy Rule: Notice of Privacy Practices requirements

by Patrick Ouellette

The Department of Health and Human Services (HHS) has proven how important it considers the Notices of Privacy Practices (NPPs) as part of the HIPAA Privacy Rule by both offering sample NPPs last year and recently introducing its NPP challenge...

Appeals court: Sutter record exposure didn’t violate CMIA

by Patrick Ouellette

The Third District Court of Appeal of California again ruled in favor of Sutter Medical Foundation on Monday, as the court maintained that Sutter had not violated the Confidentiality of Medical Information Act (CMIA). This was the second appellate...

VA accused of using HIPAA to block waiting list disclosures

by Patrick Ouellette

Are there instances where federal privacy laws are misused and actually end up being detrimental to the patient? According to a recent Washington Post report, some believe the Department of Veterans Affairs (VA) is using HIPAA as a mechanism...

Reviewing the qualities of a healthcare privacy officer

by Patrick Ouellette

A common mistake in healthcare is to lump privacy and security together as one unit, as each requires its own areas of expertise. Similar to IT security professionals, there are some basic qualities that a privacy officer should have to best serve...

Do third parties regularly access consumer health data?

by Patrick Ouellette

Consumer-generated healthcare data privacy doesn’t appear to have caused too many ripples in the general public’s consciousness to this point. But a recent California Healthcare Foundation report looks at how personal health information...

State VA clinics dealing with patient privacy issues

by Patrick Ouellette

On top of myriad public image issues it’s dealing with, the U.S. Department of Veterans Affairs (VA) is currently resolving two different patient privacy breaches in Minneapolis and Baltimore, respectively. First, the recently-opened Shakopee...

How private should medical billing collection data be?

by Patrick Ouellette

A recent report by the Argus Leader looked at the effects on patient privacy when medical debt is collected and reports are filed in court. These files may include items such as patient treatments or other private information and the privacy...

Medtronic reveals patient data exposure in SEC filing

by Patrick Ouellette

Though medical device maker Medtronic revealed in its Securities and Exchange Commission (SEC) filing that hackers had entered its network on two separate occasions last year and didn’t steal anything, the incident appears to be in a bit of...

HIPAA Privacy Rule: Authorized patient data disclosures

by Patrick Ouellette

Assuming a disclosure is not permitted in the HIPAA Privacy Rule, a healthcare organization must limit patient data uses and disclosures to only those that are authorized. In reviewing the HIPAA Privacy Rule, the Department of Health and Human...

HIPAA Privacy Rule: Permitted PHI uses and disclosures

by Patrick Ouellette

Though sometimes the goals of the HIPAA Privacy Rule can get lost in data breach and monetary penalty news, ensuring that patient data is both properly protected and accessible should be a consistent focus for the healthcare industry. Balancing...

Tiger Team offers HITPC behavioral health recommendations

by Patrick Ouellette

The Office of the National Coordinator (ONC) Health Information Technology Policy Committee (HITPC) held its June meeting yesterday, where the Privacy and Security Tiger Team provided an update of its recent work. The Tiger Team has concentrated...

Colorado limits patient data access with new house bill

by Patrick Ouellette

Colorado recently introduced a new House Bill, titled Limits on Government Access to Personal Medical Information, regarding restrictions on the ability of a government entity to access an individual’s personal medical information. The...

Why IT security pros need health information privacy skills

by Patrick Ouellette

Healthcare privacy and security are inexorably linked, as the two terms are often referenced in tandem, but the need for privacy expertise shouldn’t be lost in the weeds as organizations look to beef up their security programs. Healthcare...

HHS, CMS issue new health exchange patient data privacy rules

by Patrick Ouellette

As part of President Barack Obama’s new final rule that will regulate Affordable Care Act (ACA) standards for patient protection, the Centers for Medicare & Medicaid Services (CMS) and Department of Health and Human Services (HHS) will...

